Monitoring Splunk
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to open the .tsidx file

muthukrishnan
New Member
‎12-28-2011 08:47 AM

I seen several file is shown .tsidx under the C:\Program Files\Splunk folder.
I want to know how to open that file.

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

MHibbin
Influencer
‎12-28-2011 09:10 AM

Hi,

I'm not sure how to open the files, they are used for Splunk indexing and as such it probably isn't wise to edit the file/archive.

The following Splunk documentation mentions some commands which may be of use... HOWEVER YOU SHOULD TAKE NOTE OF THE WARNING... "Caution: Do not use these commands without consulting Splunk Support first." which is noted at the beginning of the text.

If you are looking to clean event data out of the index you could use the CLI clean command detailed here, again take note... once the event data has been removed you can not restore unless you have the original stored.

Regards,

MHibbin

View solution in original post

Reply
Solved! Jump to solution

piebob
Splunk Employee
Splunk Employee
‎07-25-2013 12:18 PM

you can't open the files yourself, but you can use the tsidxprobe tool to have Splunk review them for you. check out:
http://docs.splunk.com/Documentation/Splunk/5.0.3/Troubleshooting/CommandlinetoolsforusewithSupport#...

for more info.

Reply
Solved! Jump to solution
Solution

MHibbin
Influencer
‎12-28-2011 09:10 AM

Hi,

I'm not sure how to open the files, they are used for Splunk indexing and as such it probably isn't wise to edit the file/archive.

The following Splunk documentation mentions some commands which may be of use... HOWEVER YOU SHOULD TAKE NOTE OF THE WARNING... "Caution: Do not use these commands without consulting Splunk Support first." which is noted at the beginning of the text.

If you are looking to clean event data out of the index you could use the CLI clean command detailed here, again take note... once the event data has been removed you can not restore unless you have the original stored.

Regards,

MHibbin

Reply
Solved! Jump to solution

MHibbin
Influencer
‎12-30-2011 03:43 AM

If this helped answer you question, can you please mark the answer as accepted.

0 Karma
Reply
Solved! Jump to solution

muthukrishnan
New Member
‎12-29-2011 11:22 PM

Thanks MHibbin

0 Karma
Reply
Solved! Jump to solution

dwaddle
SplunkTrust
SplunkTrust
‎12-28-2011 10:08 AM

Yes, these are Splunk's internal data format. Trying to open/edit them is very unwise.

Reply
Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  🚀 Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...